Blocking IP Addresses

From Wiki
Jump to: navigation, search


Using your web.config file to block IP Addresses

To block a specific IP or a large range of IP Addresses you can use your "web.config" file by following the below steps.

  • If you do not have a web.config file in your site files then you will need to create one at this time. The code below is the basic code you would see in your web.config file:
<?xml version="1.0"?>
     <modules runAllManagedModulesForAllRequests="true"/>

To enable the block you will need to place the below code after the "<system.webServer>":

   <ipSecurity allowUnlisted="true">    
       <add ipAddress=""/>     <!-- blocks the specific IP of  -->                
       <add ipAddress="" subnetMask=""/>     <!--blocks network to>                
       <add ipAddress="" subnetMask=""/>     <!--blocks network to>                
       <add ipAddress="" subnetMask=""/>     <!--blocks entire /8 network of to>                

Once you update this code to the specif IP Addresses you are trying to block and click save any attempts from these IP's to hit the site will not go through.


Blocking IP Addresses through Cpanel

You will need to be logged into your Cpanel for your domain. Once logged in:

  1. You will click on "IP Deny Manager".
  2. Now you will see an option to add an IP Address or Domain to the block list.
  3. Once you enter the desired IP Address you should receive a message that states:
    "Users from the IP address(s) will not be able to access your site."


Blocking IP Addresses using a .htaccess file

You can also block IP addresses in Windows or Linux using a .htaccess file. If you do not already have one, you will need to create a file called .htaccess. You can then block IPs using the DENY command.

Here is an example:

order allow,deny 
deny from 
deny from 012.34.5. 
allow from all  

You can deny access based upon IP address or an IP block. The above blocks access to the site from, and from any sub domain under the IP block 012.34.5. (,,, etc.) After it sets those, it allows from all to allow all others to access the site. You can also set an option for deny from all, which would of course deny everyone. You can also allow or deny by domain name rather than IP address. For example Always test accessing your site from multiple IP addresses such as your PC and a SmartPhone not on wifi just to make sure it is allowing access as you intended.